feat: add interceptor TLS support to the add-on chart #642

Merged (1 commit), Jun 24, 2024
5 changes: 5 additions & 0 deletions http-add-on/README.md
@@ -167,6 +167,11 @@ their default values.
| `interceptor.responseHeaderTimeout` | string | `"500ms"` | How long the interceptor will wait between forwarding a request to a backend and receiving response headers back before failing the request |
| `interceptor.scaledObject.pollingInterval` | int | `1` | The interval (in milliseconds) that KEDA should poll the external scaler to fetch scaling metrics about the interceptor |
| `interceptor.tcpConnectTimeout` | string | `"500ms"` | How long the interceptor waits to establish TCP connections with backends before failing a request. |
| `interceptor.tls.cert_path` | string | `"/certs/tls.crt"` | Mount path of the certificate file to use with the interceptor proxy TLS server |
| `interceptor.tls.cert_secret` | string | `"keda-tls-certs"` | Name of the Kubernetes secret that contains the certificates to be used with the interceptor proxy TLS server |
| `interceptor.tls.enabled` | bool | `false` | Whether a TLS server should be started on the interceptor proxy |
| `interceptor.tls.key_path` | string | `"/certs/tls.key"` | Mount path of the certificate key file to use with the interceptor proxy TLS server |
| `interceptor.tls.port` | int | `8443` | Port that the interceptor proxy TLS server should be started on |
| `interceptor.tlsHandshakeTimeout` | string | `"10s"` | The maximum amount of time the interceptor will wait for a TLS handshake. Set to zero to indicate no timeout. |
| `interceptor.tolerations` | list | `[]` | Tolerations for pod scheduling ([docs](https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/)) |
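Review bot: the `interceptor.tls.cert_secret` row should state which keys the secret must contain. With the defaults `cert_path: /certs/tls.crt` and `key_path: /certs/tls.key` and the secret mounted at `/certs` (see the deployment.yaml hunk), the secret needs `tls.crt` and `tls.key` entries, i.e. a standard `kubernetes.io/tls` secret; a user creating a generic secret with other key names will get a pod that starts but a TLS server that cannot find its files. Suggested wording: `Name of the Kubernetes secret (type kubernetes.io/tls, keys tls.crt and tls.key) mounted at /certs for the interceptor proxy TLS server`. The descriptions of `cert_path` and `key_path` should also say that the files must stay under `/certs`, since the mount directory is fixed by the template.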

@@ -62,11 +62,29 @@ spec:
value: "{{ .Values.interceptor.tlsHandshakeTimeout }}"
- name: KEDA_HTTP_EXPECT_CONTINUE_TIMEOUT
value: "{{ .Values.interceptor.expectContinueTimeout }}"
{{- if .Values.interceptor.tls.enabled }}
- name: KEDA_HTTP_PROXY_TLS_ENABLED
value: "true"
- name: KEDA_HTTP_PROXY_TLS_CERT_PATH
value: {{ .Values.interceptor.tls.cert_path }}
- name: KEDA_HTTP_PROXY_TLS_KEY_PATH
value: {{ .Values.interceptor.tls.key_path }}
- name: KEDA_HTTP_PROXY_TLS_PORT
value: {{ .Values.interceptor.tls.port }}
{{- end }}
ports:
- containerPort: {{ .Values.interceptor.admin.port }}
name: admin
- containerPort: {{ .Values.interceptor.proxy.port }}
name: proxy
{{- if .Values.interceptor.tls.enabled }}
- containerPort: {{ .Values.interceptor.tls.port }}
name: proxy-tls
volumeMounts:
- readOnly: true
mountPath: "/certs"
name: certs
{{- end }}
livenessProbe:
httpGet:
path: /livez
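Review bot: `value: {{ .Values.interceptor.tls.port }}` renders as the bare integer `8443`, but an env var `value` must be a string, so with `tls.enabled: true` and the default port the Deployment is rejected by API validation (cannot unmarshal number into `EnvVar.value`). Quote it the same way the surrounding entries already do, e.g. `value: "{{ .Values.interceptor.tls.port }}"`, and for consistency quote `KEDA_HTTP_PROXY_TLS_CERT_PATH` and `KEDA_HTTP_PROXY_TLS_KEY_PATH` as well. Separately, `mountPath: "/certs"` is hard-coded while `cert_path` and `key_path` are user-configurable, so any value outside `/certs` silently points the proxy at files that are not mounted; either derive the mount path from the configured paths or document the constraint in values.yaml and the README.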
@@ -85,6 +103,12 @@ spec:
{{- toYaml .Values.securityContext | nindent 10 }}
{{- end }}
terminationGracePeriodSeconds: 10
{{- if .Values.interceptor.tls.enabled }}
volumes:
- name: certs
secret:
secretName: {{ .Values.interceptor.tls.cert_secret }}
{{- end }}
nodeSelector:
kubernetes.io/os: linux
{{- with .Values.interceptor.nodeSelector }}
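Review bot: the `volumes:` key itself is wrapped in `{{- if .Values.interceptor.tls.enabled }}`, so the next volume this template needs (or any future extra-volumes value) cannot be appended without restructuring this block, and emitting `volumes:` twice would be a duplicate-key error. Keep `volumes:` unconditional and guard only the `- name: certs` item with the `if`. Leaving the secret non-optional is the right choice: a pod that cannot mount its TLS material fails to schedule rather than coming up without the TLS listener.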
@@ -11,6 +11,11 @@ spec:
- name: proxy
port: {{ default 9091 .Values.interceptor.proxy.port }}
targetPort: proxy
{{- if .Values.interceptor.tls.enabled }}
- name: proxy-tls
port: {{ default 8443 .Values.interceptor.tls.port }}
targetPort: proxy-tls
{{- end }}
selector:
app.kubernetes.io/component: interceptor
{{- include "keda-http-add-on.matchLabels" . | indent 4 }}
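Review bot: `default 8443 .Values.interceptor.tls.port` duplicates the default that values.yaml already sets (`port: 8443`), so the two can drift apart if one is changed later. It mirrors the existing `default 9091` on the proxy port, so it is consistent with the chart's current style, but a short comment noting that the value must match the `containerPort` in deployment.yaml would help the next person who edits either file.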
12 changes: 12 additions & 0 deletions http-add-on/values.yaml
@@ -178,6 +178,18 @@ interceptor:
requests:
cpu: 250m
memory: 20Mi
# configuration of tls for the interceptor
tls:
# -- Whether a TLS server should be started on the interceptor proxy
enabled: false
# -- Mount path of the certificate file to use with the interceptor proxy TLS server
cert_path: /certs/tls.crt
# -- Mount path of the certificate key file to use with the interceptor proxy TLS server
key_path: /certs/tls.key
# -- Name of the Kubernetes secret that contains the certificates to be used with the interceptor proxy TLS server
cert_secret: keda-tls-certs
# -- Port that the interceptor proxy TLS server should be started on
port: 8443

# configuration for the images to use for each component
images:
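Review bot: the new keys `cert_path`, `key_path` and `cert_secret` use snake_case, while the rest of the interceptor values are camelCase (`tlsHandshakeTimeout`, `expectContinueTimeout`, `responseHeaderTimeout`, as shown in the README and deployment hunks). Renaming after release breaks users' values files, so it is worth settling on `certPath`, `keyPath` and `certSecret` before this merges. The `# --` helm-docs markers on the inner keys are good; the `tls:` block comment could carry one too so it shows up in generated docs.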